About

From its office in Clayton, Missouri, Danna McKitrick, P.C., delivers legal representation to new and growing businesses, financial institutions, non-profit and government-related entities, business owners, individuals, and families throughout the greater St. Louis region and the Midwest.

Danna McKitrick attorneys practice across many areas of law, both industry- and service-oriented.

Cyber criminals hack businesses for a myriad of reasons: to rob bank accounts by hacking email accounts and intercepting wire transfers; to file fraudulent tax returns using stolen customer or employee personal data; to commit health insurance or Medicare fraud; to steal intellectual property; to destroy property; and to deny service. Websites are also hacked as a mechanism to cyber hack other businesses. (See data protection tips here.)

Cyber hackers include your employees, identity thieves, contractors and vendors, business competitors, terrorists, state-sponsored actors and others. The success of your business and its very existence could be placed in jeopardy because of unauthorized business account access, loss of ability to execute transactions, regulatory, reputational and litigation costs, and significant remedial costs.

Focusing on the litigation ramifications, let’s use the following fictional ABC Co. case study to understand the various laws involved. Continue reading »

Today, marketing and sales are yoked through digital channels. Leads and customer relations are created and maintained on LinkedIn, Facebook, Twitter, Blogs, email, video calls, and chat rooms. Your salespeople use these tools to sell your products. Yet, change happens. Valuable salespeople with critical customer relationships and employee friendships will leave your company. Hopefully, when those employees leave your employ, you have non-competes and non-solicitation clauses in place which prohibit them from directly or indirectly soliciting employees or customers for a period of years after termination of employment.

You hear through the grapevine that your former super salesperson who just quit has an updated job status on LinkedIn. Now some of your employees and customers know where the former super salesperson is now employed. To add insult to injury, your former super salesperson has asked several of your employees to connect via LinkedIn. You are afraid of the Pied Piper effect and that more of your employees will leave you. Plus you paid good money for your lawyer to draft the darn non-solicitation agreement and you want your money’s worth!

How can you as an employer determine if your former salesperson is legally violating the non-solicitation agreement?

Passive solicitation. Is the activity passive and what is the content and substance of the message conveyed? Most courts that have considered this issue have found that an update to an individual’s LinkedIn account is passive. But what about a new request to connect?In Bankers Life and Casualty Company v. American Senior Benefits, Bankers Life sued a former sales manager for updating his LinkedIn account and asking three former co-workers – current employees of his former employer – to connect. Bankers Life argued that asking existing employees to connect was targeted and it would uncover job listings of current employer. The sales manager argued that the connection request was a LinkedIn generic email simply asking to form a professional networking connection on social media. The court noted that the generic emails did not contain any discussion of Bankers Life, no mention of the new employer, and no suggestion that a job description be reviewed. Further, current Bankers Life employees had a choice whether or not to respond and connect, click on the former co-worker’s profile, or review job postings for the salesperson’s new employer. Accordingly, the mere act of asking someone to connect on a social network via a generic email generated by the network itself did not violate the non-solicitation agreement. In Pre-Paid Legal Services v. Cahill, the court held that posting on Facebook that an employee has moved and touting the new employer’s product did not constitute evidence of unlawful solicitation.Courts have also ruled that posting a job opportunity on a LinkedIn is not a solicitation and becoming “friends” with former clients on Facebook does not in and of itself violate a non-compete clause (Enhanced Network Solutions Group, Inc. v. Hypersonic Technologies Corp and Invidia and LLC v. DiFonzo).

A cyber incident will happen to your company. It is not a matter of if, but when. Small businesses make an appealing target because hackers know they don’t spend as much on security as larger businesses and are not as careful.

According to a Towergate Insurance study, 82 percent of small business owners claim that they are not targets for attack because there is nothing worth stealing. However, employee personal data and health information and customer data are always worth stealing. Symantec reports that 43 percent of cyber-attacks worldwide in 2016 were against small businesses with less than 250 workers. In fact, cyber crooks try to rob bank accounts via wire transfers, steal customers’ personal identify information, file fraudulent tax returns, commit Medicare fraud, etc.

IBM estimates that nearly two-thirds of all cyber-attacks hit small to mid-sized businesses. More disturbing, the U.S. National Cyber Security Alliance estimates that about 60 percent of those hit are forced to close six months after an attack. A 2016 Poneman Institute Breach Report advises that the average price a small business has to pay after a cyber attack is about $690,000.

One in 14 users are tricked into following a link or opening an attachment with 25 percent of the users making the same mistake twice

It’s all about the money: Perpetrators of data breaches steal and exploit sensitive data for financial gain. They are opportunistic, using phishing to poke for weak points to use as entry points. Phishing, the most common tool, involves collecting sensitive information like login credentials and credit card information through legitimate-looking but fraudulent websites. Ninety-five percent of phishing attacks led to a breach that was followed by the installation of some sort of malicious software (malware).

Small to mid-sized businesses can take preventive steps to minimize damage. Here are 20 tactics to employ to protect your data. Continue reading »

Visiting a website and merely viewing its contents can bind you to an internet “Terms and Conditions” or “Terms of Use” (“browsewrap” or “clickwrap”) contract.

Website owners, as technology providers, have a dilemma as they wish to facilitate business in the most efficient way. Maintaining the integrity of their software by controlling the scope of the limited software license they are offering is essential to protecting their copyrighted technology.

Given website owners are offering their services to the world, a pressing concern is a disgruntled website user who sues via a class action in the user’s home state. The issue for the courts is how many dispute resolution pre-existing legal rights a website owner can remove through its browsewrap contract, often called “Terms and Conditions,” if the website user receives little to no notice of its existence or has no knowledge that such a notice refers to a binding contract.

If you look carefully at a website you frequently use, you are likely to see various notices in capital letters in highlighted colors referencing that your use of the website is an automatic agreement to the website policies of privacy and terms and conditions. You may not know that this means you are binding yourself to a contract. If you do click on that bothersome notice link, you will most likely notice a nonnegotiable contract that contains a choice of law, agreement to arbitrate, and/or class action waiver. Given the limited attention span of a website user, most users will not click on the link. This is especially true if the website owner has buried the notice at the very end of the page, made it as inconspicuous as possible, and does not require any action to proceed with using the website. Continue reading »

This summer, Missouri voters approved an amendment to the Missouri Constitution protecting electronic data from searches and seizure by law enforcement officers.

Article I, Section 15 of the Missouri Constitution closely resembles the Fourth Amendment to the Federal Constitution: both provide that the people shall be “secure in their persons, papers, homes and effects from unreasonable searches and seizures,” and that law enforcement must demonstrate probable cause before obtaining a search warrant. The recent amendment modifies Section 15 so that it now explicitly protects “electronic communications and data” and requires police to “describe the data or communication to be accessed as nearly as may be” when applying for a warrant.

Legislation addressing the question of the extent to which an employer may request an employee’s social media account information has been introduced or is pending in 36 states with seven already enacting legislation in 2013.

Unfortunately, at this time the Missouri Legislature has not enacted any legislation to clarify the question of whether an employer may lawfully request or require employees or job applicants provide that employer with their social media account login information. Although the 2013 legislation session recently ended without a bill being passed in both houses, one bill, Senate Committee Substitute / Senate Bill 164, which would have created “The Password Privacy Protection Act,” passed in the Senate and fell just one vote shy of passage in the House. This bill’s partial success likely indicates the direction Missouri will ultimately take.

Like the Illinois legislation, SCS/SB164 began with a general ban of the practice of requesting or requiring the disclosure of account information. Specifically, the bill read:

Subject to the exceptions provided in subsection 4 of this section, an employer shall not request or require an employee or applicant to disclose any user name, password, or other authentication means for accessing any personal online account or personal online service.

The exceptions include and relate to:

(1) Any electronic communications device supplied by or paid for in whole or in part by the employer;

(2) Any accounts or services provided by the employer;

(3) Any account or services the employee uses for business purposes; or

(4) Any accounts or services used as a result of the employee’s employment relationship with the employer.

The bill also included several anti-retaliation provisions and a provision barring employees from transferring “an employer’s proprietary or confidential information or financial data to an employee’s personal online account” or service without employer authorization (i.e., barring an employee from posting trade secrets on Facebook without permission).

Like its Illinois counterpart, SCS/SB164 sought to clarify what it was not intended to do as well. It specifically stated, in part, that it should not be construed to prevent an employer from restricting or prohibiting an employee’s access to certain websites while using devices paid for by the employer, monitoring electronic data stored on an electronic communications device paid for by the employer (or such data that is traveling through or stored on an employer’s network), or restricting an employer’s review of public domain information.

While the bill sought to remedy one perceived problem, it may have actually emphasized another. The bill’s exception for employer-paid devices and interpretation not to prevent monitoring of data stored on such devices or flowing across employer’s networks leaves open the issue of the extent to which an employer may obtain an employee’s social media account information, or any information such as bank or health information, stored on the employer-paid device. Hopefully this potential loophole will be addressed when the Missouri Legislature reconvenes in the next session.

Although SCS/SB164 demonstrates what form a successful bill on this topic might take, SCS/SB164 has not been passed by the Missouri Legislature or signed into law. Therefore, the question remains unsettled in Missouri at this time.

Posted by Attorney David A. Zobel. Zobel primarily represents individuals and corporations in the defense of civil litigation, including contract, negligence, and real estate matters. In addition to his court room work, Zobel assists in advising clients on contract and employment issues and regarding issues arising under the Sunshine Law.

In the spring of 2012, national news media reported an increasing number of employers demanding employees and job applicants provide social media account login information (usernames and passwords) for searching and content monitoring purposes. In my blog post “The Facebook Folly” posted in April 2012, I noted at that time there was no explicit indication as to the legality of this practice.

Since early 2012, however, legislatures in both Missouri and Illinois have worked to clarify the issue in their respective states’ workplaces. We’ll focus on Illinois’ efforts first, and follow up with Missouri in Part 2.

Illinois was an early adopter of a policy prohibiting employers from asking employees or prospective employees for their social media account login information. On January 1, 2013, Illinois and California joined Michigan, New Jersey, Maryland and Delaware making such a practice illegal by enacting Public Act 97-0875, amending the Illinois Right to Privacy in the Work Place Act to read, in part:

It shall be unlawful for any employer to request or require an employee or prospective employee to provide any password or other related account information in order to gain access to the employee’s or prospective employee’s account or profile on a social networking website or to demand access in any manner to an employee’s or prospective employee’s account or profile on a social networking website. 820 ILCS 55/10(b)(1).

However, in an apparent attempt to balance the interests of both employees and employers, the Act further states and clarifies that it is not intended to limit the employer’s right to create and maintain lawful workplace policies governing Internet use, limit the employer’s ability to monitor usage of the employer’s electronic equipment or electronic mail (as long as the employer does not request or require the employee “provide any password or other related account information”), or limit the employer from obtaining information about its employees or prospective employees from the public domain. Continue reading »

Thanks to an exponential growth rate in technology, the Internet has changed the world and how we communicate with each other. In 1995, 16 million people used the Internet. Last year, 2 billion people used the Internet and in 2020 it is predicted that the number will be over 5 billion.

Google, a 12-year-old company, has certainly fueled this growth. Social media platforms have also supercharged Internet usage. Facebook claims to have over 800 million active subscribers, LinkedIn claims 85 million subscribers and YouTube has over 100 million videos online.

However, the way we relate to and judge each other, whether it is for employment, relationships, or credit history, has not changed. We are all trying to predict each other’s future behavior for the relationship(s) and transactions we seek.

Facebook purports to be worth $104 billion with its purchase of Instagram. Why is it worth so much? Because companies are spending over $2 billion per year to collect information from social media outlets about what we as consumers want. Our behavior and our opinions can be measured in fine detail as we post and that behavior can be monetized. For example, it is estimated that your personal/buying information is worth $50 to $500 to Google, depending upon how much you spend. On Twitter, each of your followers, assuming you have a large following, could be worth as much as $2.50 each per month. In short, personal data greases the Internet. The data we share (names, addresses, pictures, precise locations, and links) helps companies target advertising based not only on demographic but also on personal opinion and desires.

What does all of this information mean to you as an individual? Technology rules will continue to change, so you need to be vigilant. It is important for you to keep up with the positives and negatives of the rapidly changing technology. Right now, social media is at its height but it is designed for websites. That is predicted to change as the world moves to smartphones. Nearly $1 million worth of features come with any smartphone and there are a billion smartphones in the world. Within the next decade, 6 billion people will have a constant connection to the Internet. This explains why Facebook recently bought Instagram, a mobile app company, for $1 billion. Facebook wants to conquer the smartphone market and not be left behind. Continue reading »

Within the past few months more and more news outlets have reported stories of employers asking job applicants for their Facebook login information. While many applicants understandably feel uncomfortable with the idea of their potential employer delving through their private lives, applicants are typically not in the position to decline.

This new trend has sparked an inevitable inquiry: is it legal? At this time, the answer is uncertain. Like many issues arising from the fast-paced and ever-changing world of the Internet and social media, the law has not caught up with the question. There does not appear to be a statute, regulation or court decision directly on point – either at the federal or state level. Consequently, experts on both sides of the issue have begun considering and arguing whether any statutes, regulations, or court decisions indirectly apply to the issue.

Missouri statute does not appear to directly prohibit such a practice; however, this does not mean it is wise for employers to engage in it. The reason has little to do with the actual practice of asking for the login information, but rather concerns what may be potentially discovered by such practice. No, I am not referring to finding rants about past employers or photos of bad decisions and misdemeanors. Employers should be concerned about finding family or pregnancy photos, photos of the applicant in the hospital, and/or religious views.

The exponential growth of technology has created amazing efficiencies in how businesses operate. Such cost savings come with a cost and companies need to continuously adapt to the ever changing opportunities and vulnerabilities. In 2020, it is predicted that over 5 billion people will be using the Internet, and within the next decade 6 billion people will have a constant connection to the Internet. The growth of your business is inextricably combined with the growth of the Internet.

Below are 10 best practices for your businesses to consider as you move forward: